6.1
CVE-2023-22971
- EPSS 1.27%
- Veröffentlicht 26.01.2023 21:18:13
- Zuletzt bearbeitet 28.03.2025 17:15:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hughes ≫ Hx200 Firmware Version8.3.1.14
Hughes ≫ Hx90 Firmware Version6.11.0.5
Hughes ≫ Hx50l Firmware Version6.10.0.18
Hughes ≫ Hn9460 Firmware Version8.2.0.48
Hughes ≫ Hn7000s Firmware Version6.9.0.37
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.27% | 0.791 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.